A domain name system (DNS) server is employed to, among other things, resolve a fully qualified domain name (FQDN) to an Internet Protocol (IP) address. For example, a browser application running on a host computer might receive input from a user in the form of selecting a link on a webpage. The link is associated with content that is desired to be accessed by the user, but the content might be stored on a remote server. In order for the browser to obtain the content from the remote server, the browser must first obtain an IP address of the remote server. In this regard, a DNS server is configured to resolve a given FQDN provided in a DNS request, sent by the browser, to a predefined IP address. The IP address is returned by the DNS server in a DNS response. DNS servers are often operated such that almost anyone can gain access to the content provider by domain name resolution.
Unfortunately, such open access has enabled hackers and other malicious actors to stage attacks by exploiting the functionality of a DNS server. One such attack is known as an amplification attack. An amplification attack is a form of denial of service attack, wherein an attacker uses open Internet services such as a DNS server to increase the amount of bandwidth sent to a victim and overwhelm its capacity. This is accomplished by spoofing a victim's source IP address and sending, with that spoofed IP address, multiple DNS requests (each comprising tens of bytes) to one or more DNS servers, which will in turn generate and send DNS responses (each comprising thousands of bytes) to the targeted victim. In other words, the relatively small requests result in very large (or amplified) responses. Such attacks are undesirable.
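Seen from the DNS server, the attack described above appears as one claimed source address issuing many small requests that each draw a large response. The following added example (not part of the original document) aggregates request and response sizes per claimed source and flags that pattern; the log record layout, the thresholds and the sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records as a DNS server might log them:
# (claimed source IP, request bytes, response bytes). Addresses come from
# documentation ranges (RFC 5737); all values are made up for illustration.
SAMPLE_LOG = (
    [("198.51.100.7", 64, 3100)] * 40   # many small requests, large responses
    + [("192.0.2.10", 60, 120)] * 5     # ordinary client
    + [("192.0.2.22", 70, 2900)] * 2    # large responses, but only a couple
)

def amplification_by_source(records):
    """Aggregate request/response bytes per claimed source IP."""
    totals = defaultdict(lambda: {"queries": 0, "req": 0, "resp": 0})
    for src, req_bytes, resp_bytes in records:
        t = totals[src]
        t["queries"] += 1
        t["req"] += req_bytes
        t["resp"] += resp_bytes
    # factor = bytes sent toward the claimed source per byte received from it
    return {
        src: {**t, "factor": t["resp"] / t["req"]}
        for src, t in totals.items() if t["req"] > 0
    }

def suspected_victims(records, min_factor=10.0, min_queries=20):
    """Return claimed sources whose traffic matches the reflection pattern:
    a high response/request byte ratio sustained over many requests.
    Both thresholds are assumed values, to be tuned per deployment."""
    stats = amplification_by_source(records)
    return sorted(
        src for src, s in stats.items()
        if s["factor"] >= min_factor and s["queries"] >= min_queries
    )

if __name__ == "__main__":
    for src, s in sorted(amplification_by_source(SAMPLE_LOG).items()):
        print(f"{src:15} queries={s['queries']:3} factor={s['factor']:.1f}x")
    print("possible reflection targets:", suspected_victims(SAMPLE_LOG))
```

The query-count threshold keeps a legitimate client that occasionally requests a large record from being flagged on ratio alone.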